Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Advanced Panelboxes for Confluence
id1
titleExercise Overview:

Table of Contents
maxLevel3
minLevel2
indent20px
excludeSummary|On this page|In this section...
separatornewline

Installing Tachyon

In this lab, we will install all Tachyon components onto the same server which we have prepared with the prerequisites, 1ETRNAP. This includes the roles and features required for the Tachyon installation. In addition, we will deploy the Tachyon clients once the server components have been installed.

Installing Tachyon components

Install Tachyon components

In this task, you will install Tachyon components on the Application server (1ETRNAP).

1evirtualmachine

1ETRNAP


1eolstart


1eli
On 1ETRNAP Launch the SkyTap Shared Drive shortcut from the desktop and download 1E Tachyon - Course Content\Tachyon v5.2 - Course Content\TachyonPlatform.v5.2.5.165.zip to C:\Temp (if a password window is shown the password is Passw0rd)


1eli
Also download tachyon.lic from 1E Tachyon - Course Content\Tachyon v5.2 - Course Content\ to c:\temp


1eli
Navigate to c:\temp and right click on TachyonPlatform.v5.2.5.165.zip and choose Extract All


1eli
From C:\Temp\TachyonPlatform.v5.2.5.165 double click Tachyon.Setup.exe


1ehot tip

The user we're logged in with, 1ETRN\AppInstaller is a local admin on this server and has sysadmin rights in SQL. Both rights are required to install Tachyon.


1eli
On the Welcome page click Next


1eli
On the Documentation page, click Next


1eli
On the License Agreement page select I accept the terms of the license agreement and click Next


1eli
On the License file page, click browse and select tachyon.lic in c:\temp. Click Open. Click Next


1eli
Review the properties of the license file to get a feel for what it entails. Specifically, the MaxCount value as well as the thumbprints for the different Features


1eli
On the Select Configuration page, confirm the install location is C:\Program Files\1E and Click Next


1eli
On the Check prerequisites page click Start checking


1ediscussion point

Note all the different prereqs that are required for Tachyon. In a production environment, different components might already be installed on the server. The Tachyon installer will check for all the prereqs and allow you to install the outstanding ones directly through the installer using PowerShell scripts.


1eli
Click Install missing prereqs


1ehot tip

A PowerShell window will open for each prerequisite.


1eli
Once all the prerequisites are installed, click on Check Again to revalidate. Click Next


1eli
On the Server certificate page Select the Tachyon Web Certificate, note that all the available Computer Certificates enrolled on this server are displayed. Click Next


1ewarning

The following three properties, Subject, Serial number and Signature algorithm are not expected to show green checks in the Result column, there will be a warning on Subject alternate name, as we only have one DNS name, we do not have a DMZ server, if the remaining Properties do not show the tick then the certificate was not configured properly. You will need to delete the certificate and re enroll it using the correct properties, or possibly create a new template.


1eli
On the Client certificates page, Click Next


1eli
On the Database server page, ensure that (local) is in each field. Click Validate. On the validation passed box, click Ok. Click Next


1eli
On the BI SSAS database settings page, in the BI SSAS User (domain account) section enter 1ETRN\svc_BI in Username and Passw0rd in the password fields. ensure that (local) is in the SSAS server field. Click Validate. Click Ok on the Validation passed box. Click Next


1eli
On the Number of Devices page, ensure the Number of devices is set to 1500. Click Next


1ewarning

The license is client count sensitive, so Tachyon will not work if you set it to higher than the license count from your license file.


1eli
On the Switch configuration page, click validate. There are two warnings these can be looked at, but do not need remediation. Click Next


1eli
On the Website Configuration page, in the Main website binding section leave the default settings. and leave all other default settings, click Next


1ehot tip

The HTTP Host Header is used internally by Tachyon components; thus, we use the FQDN of the server. The HTTPS Host Header will be used by Tachyon agents and Tachyon users; thus, we use the DNS alias. If you clicked validate, then you can ignore the error message at this time, we will rectify it later.


1ehot tip

The HTTPS Host header sets the host header used by the alternate HTTPS binding used by the Tachyon website.

This is mandatory when installing on a DMZ Server, and used for the internal-facing network.

Optionally used by the following if you do not want the the main HTTPS binding, for example if you want to use a different HTTPS port:

  • Tachyon clients connecting to the background channel
  • Application Migration clients running task sequence and connecting to the SLA Provider API
  • AppClarity software reclaimer connecting to the SLA Provider API


1eli
On the Active Directory and email Configuration page, enter the following and Click Validate, close the validation check. Click Next


1eimplementationicontable

Active Directory: LDAP://1etrn.local
SMTP Server: 1ETRNDC.1ETRN.LOCAL
Mail From: Tachyon@1etrn.local
Enable two-factor authentication: Checked


1ehot tip

Two-factor authentication prompts users to enter a onetime authorization code in addition to their password to confirm the submission of an action instruction. The code is delivered via email or to a registered mobile device. If this setting is disabled, administrators can execute instructions without the second factor authentication.


1eli
On the Telemetry page read the screen, but leave I consent checked. Click Next (enabling or disabling and setting the frequency at which the data is sent is looked at in Ex 8 - Tachyon v5.2 - Install and Configure - Post installation optional configuration) Also leave User Interface telemetry unticked, this is also looked at in Ex8


1eli
On the SLA and 1E Catalog page, DO NOT Check the Enable AI-based auto-curation. Click Next


1ediscussion point

We cover AI-based auto-curation in the AppClarity course. And how to enable this post install in Ex 8 - Tachyon v5.2 - Install and Configure - Post installation optional configuration 


1eli
On the Nomad synchronisation page, enter 1ETRNCM as the Configuration Manager Site server


1eli

Leave the Nomad sync value set to 30, and click on Validate, a message stating no errors were detected should be displayed


1eli

In the Certificate to be used by the Background Channel Proxy, click Select and choose the Certificate with the longest Expiry Date,  and select Client Certificate in the type of authentication drop list, and click OK


1eli

Click on Validate, a message stating no errors were detected should be displayed, click OK and then click Next


1eli
On the Ready to Install page, click Install. It will take a few minutes to finish the install. You can see the install log scrolling


1eli
On the Installation results, click Next


1eli
On the Post-installation Checks, Click Start Checking.


1ediscussion point

This will display a check of all the components installed and ensure they are configured correctly. If there are any issues the Tachyon Installer will help you resolve them.


1eli
Scroll through the checks and on the first warning – Configuration of loopback-check security feature. Click on Warning in the Info column. In the Warning box click on Fix this issue for me. In the Done box click Ok


1eli
If there are any other errors or warnings click on them to investigate


1eli

The final row of the Post Installation checks is the Product Packs are available option click on the Deploy link.


1ebest practice

We could at this stage decide to ignore this but we will invoke the Tachyon Product Pack Deployment Tool to automatically import any product packs and move them into instruction sets (named the same as the .zip file). There is already a folder called ProductPacks in the same location as the Tachyon.Setup.exe (which we have just downloaded and extracted). The ProductPacks folder contains by default the files for the Tachyon Product Pack Deployment Tool and the Classic and Integrated folders with some 1E Product Packs you may want to bulk import into Tachyon. You can also add any additional product pack.zip files you have created or downloaded and wish to import.

We will in later exercises look at uploading Product packs from the Tachyon Exchange.


1eli

The Tachyon Product Pack deployment tool will open, the server URL is pre populated with the URL, In the middle section the product packs are listed, all are selected, and in the Results panel the version of the Deployment Tool and the connection status is listed.


1eli
Click on Upload selected, the product packs are now being uploaded and assigned to Instruction Sets.


1eli
Once completed click close


1eli
Click close again to close the Tachyon Setup wizard


1eli

Following the step to fix the loopback-check a reboot was prompted to be carried out prior to continuing with the install, restart the server at this point


Review the installation

In this task, you will observe the changes made by the Tachyon server installation

1evirtualmachine

1ETRNAP


1eolstart
startat39


1eli
Log back into the server as 1ETRN\AppInstaller after the reboot


1eli
Launch Google Chrome and navigate to https://tachyon.1etrn.local/tachyon (following a fresh install it can take a few minutes for the license to be checked and the screen to populate, you may see an error message, refresh the screen a few times it will clear)


1eli
The Tachyon Portal should open and display the 9 Applications that are available – AppClarity, Application Migration, Experience, Explorer, Guaranteed State, Inventory, Nomad, Patch Success, and Settings. Some will have a green check mark as our license allows us to have all of the Applications, and the user alread has permissions, others will show a red warning as we are yet to configure permissions.


1eli
Browse to C:\Program Files\1E\Tachyon and note the following folders:


Folder

Description

Background

Binaries associated with the Background Channel, which is used to download content to clients

ConfigurationViewer

Binaries used for validation and troubleshooting. The Configuration tool also allows for exporting of configuration to disk.

Consumer

Binaries associated with the Consumer API. It provides access to the Tachyon platform via IIS

Coordinator

Binaries associated with the Workflow and Instrumentation services

Core

Binaries associated with the Core component and its APIs

Database

Binaries associated with the configuration of the Master and Response databases

Experience

Binaries associated with the configuration of the Experience component

Portal

Binaries for the Portal to display the Applications that are available to launch.

Switch

Binaries associated with the Switch service used to provide real time communication between Tachyon agents and the Platform

TachyonExternal

Folder defining the Tachyon website. Also, used to manage redirection


1eli
Open Internet Information Services (IIS) Manager from the start menu. Navigate down to the websites and expand Tachyon


1eli
Note the different web applications running under Tachyon


1eli
With the Tachyon website selected, click on Bindings in the Actions pane on the right, select the https type, and click Edit


1eli
Note that the web certificate we enrolled is bound to the website on https port 443. Exit out of bindings


1eli
With the Tachyon website selected, double click on IP Address and Domain Restrictions in the middle pane. Note nothing is configured here


1eli
Click on each individual application beneath the Tachyon website and double click each of the AuthenticationSSL Settings and IP Address and Domain Restrictions and confirm they are set as shown. Note that some have Requestors configured, while others do not


Application

Authentication

SSL Settings

IP Address and Domain Restrictions

Tachyon

Windows

Require SSL

Not Configured

Admin

Windows

Not Configured

Not Configured

Background

Anonymous and Windows

Require SSL

Not Configured

CatalogWeb

Anonymous and Windows

Not Configured

Not Configured

Consumer

Windows

Require SSL

Not Configured

ContentDistribution

Anonymous and WindowsNot ConfiguredNot Configured

Core

Anonymous

Require SSL

Local IP addresses

CoreExternal

Anonymous

Not configured

Not Configured

Experience

Windows

Require SSL

Not Configured

Platform

Windows

Not Configured

Not Configured


1ebest practice

Tachyon is set up on both HTTP port 80 and HTTPS port 443. HTTP on port 80 is used only internally by different Tachyon components, thus explicit permissions are given only to those applications. This ensures a higher level of security.


1eli
Open the Services applet from the start menu. Validate the 2 Tachyon services running, 1E Tachyon Coordinator and1E Tachyon Switch Host, as well as the 1E Catalog Update Service, and the 3 SLA 3 Services that begin 1E SLA Platform services


Service

Description

1E Tachyon Coordinator

This service is a central component that manages all the components other than the switch.

1E Tachyon Switch Host

This service is used to control all the switch processes configured to run. It automatically starts each Switch process, restarting them if they terminate, and allowing them to be stopped gracefully via the Service Control Manager.


1eli
Browse to C:\ProgramData\1E\Licensing. Note the files in here


1ehot tip

These files are used to validate the licensing against a back-end licensing server in the cloud. Note the Tachyon license file(.lic) used to install Tachyon is also present here.


1eli
Browse to C:\ProgramData\1E\Tachyon. There are multiple folders and logs here associated with different Tachyon components


1eli
Open the Tachyon.Switch.Host.log. Search for NumberofSwitches. Note that the log shows the 1 switch we installed


1ebest practice

Up to 5 switches can be installed on a single server, and the 1E Tachyon Switch Host service would manage them all. Each switch can manage 50,000 devices for a total of 250,000 devices per server.


1eli
Open Tachyon.Switch.Host.log. Note the configuration information and the application of the certificate


1eli
Open the Tachyon.Coordinator.log. Search for AnalyzeCertificate: Note our thumbprint and the details on our certificate. Note the next lines in the log shows our license being checked and becoming active and the date that it will expire


1eli
Note the 5 folders under C:\ProgramData\1E\TachyonContent, Installers, PerfCounters, PolicyDocuments and Updates, all but PerfCounters have a web.config file


1ehot tip

The Content folder contains any content, generally in the form of scripts, which are required for instructions. These scripts are embedded into the Instruction XML file but are extracted and placed in this folder to allow agents to download them via the Background Channel using IIS. We will get into Instruction and scripts soon enough.


1ehot tip

The Installers folder would contain installers if we are updating the Tachyon agent via Tachyon itself.


1ehot tip

The Updates folder is used to update the Tachyon agent through Tachyon itself without having to redeploy an msi.


1eli
From the Start screen, start SQL Server Management Studio, connect to the local Database Engine, and navigate to the Databases node. Expand the TachyonMaster database. Note that the installer has created objects (tables, stored procedures etc.)


1eli
Expand the TachyonResponses database. Expand tables, and note that there are a very small number of objects created


1ediscussion point

The Response database holds transient data on a per action basis temporarily, hence it is a very basic database.


1eli
Expand the SLA-BI database. Look at the tables that are created


1eli
Expand the BI.Event Log table. This table holds the Business Intelligence event log date


1eli
Right click the BI.Event Log table and choose Select Top 1000 rows. Notice the columns


1ehot tip

You may not see any data here. If you needed to troubleshoot any BI or Cube Data issues you would look in this table for information.


1eli
From the Task Bar, open Google Chrome and browse to https://tachyon.1etrn.local


1ehot tip

Note the error. This is due to the restrictions that have been set in IIS on the different spaces within the website.


1eli
Go back to Google Chrome and Browse to https://tachyon.1etrn.local/tachyon


1ediscussion point

If you are familiar with the prior versions of Tachyon notice the change. We no longer navigate to the Tachyon Explorer via https://tachyon.1etrn.local/Explorer - now we have the Tachyon Portal. The Tachyon Explorer is still here, don't worry!


1eli
From the Tachyon Portal click on the Settings Application


1eli
Explore the other nodes that are available. Instructions will be empty. We will add some instructions sets later


1eli
Click on Switch app and notice the available options


1ehot tip

You will not be able to open any of the other applications as this account has limited access to the platform. Notice that our account cannot even see AppClarity, Explorer, Experience, Inventory, Guaranteed State or Patch Success in the Switch App menu.


1eli
In the Settings Application and navigate to Permissions - Users


1eli
Note the only user displayed is the user we installed Tachyon with (aside from Network Service and the app server machine account)


1eli
Click on 1ETRN\Appinstaller and review the permissions


1ebest practice

By default, the account that Tachyon is installed with has limited rights, one of them being Permissions Administrators, which can create new users and roles. This account cannot change its own permissions, so it is important to use an installer account which you do not want to have any admin rights beyond the basic rights afforded the installer account.


1eli
Navigate to Monitoring - Infrastructure Log and Audit Information log to review the different actions taken within Tachyon since install


1eli
Spend a few minutes looking around. We will get into the finer details of the platform in the next lab


Installing the 1E Client

Now that the back end has been installed, it is time to get some clients reporting into our environment. In this exercise, we will install the 1E Client manually on a single machine, and then deploy the client to the rest of our environment via ConfigMgr. As of this version of Tachyon the 1E Client has replaced the Tachyon Agent.

Copy the 1E Client Install to the Config Mgr Server

1evirtualmachine

1ETRNAP


1eolstart
startat71


1eli
Log into 1ETRNAP as 1ETRN\AppInstaller


1eli
Launch the skytap shortcut from the desktop. Download and copy 1E Tachyon - Course Content\Tachyon v5.2 - Course Content\1EClientDeploymentAssistant.v1.6.0.21.zip to c:\temp then right click and extract all


1eli
Navigate to Agent Installation Files and Copy the 1E Client 5.2.2.523 folder to ConfigMgrSource\software via the shortcut on the desktop


Install the 1E Client Manually

1evirtualmachine

1ETRNW101


1eolstart
startat74


1eli
Ensure all workstations are powered on


1eli
Log onto 1ETRNW101 as 1ETRN\User


1eli
From the start menu, type Certificate and click on Manage computer certificates to launch the certificates mmc console


1eli
In the console, right click Personal, and select All Tasks>Request New Certificate


1eli
Click Next


1eli
On the Select Certificate Enrollment Policy click Next


1eli
Note there is only one certificate available for enrollment. Select the Computer certificate and click Enroll


1eli
Once enrolled, click Finish


1ehot tip

A client certificate is required to authenticate against the Tachyon switch. The certificate has been enrolled on all the other clients, including the servers, ahead of time. If a Windows client certificate already exists on your client devices, no additional certificates will be required.


1eli
From the ConfigMgr Content Source folder on the desktop, navigate down to \software\1E Client 5.2.2.523


1eli
Copy 1E.Client-x86.msi to c:\sources


1eli
From the taskbar, run the command prompt


1eli
Switch to the c:\sources directory and run the following command line to start the 1E Client installation wizard


Code Block
msiexec /i 1E.Client-x86.msi /l*v 1EClient.log


1eli
On the Welcome to the 1E Client Installer screen click Next


1eli
On the License Agreement screen select I accept the terms of the license agreement and click Next


1eli
On the Installation Folder screen accept the default location and click Next


1eli
On the Tachyon screen, enter TACHYON.1ETRN.local:4000 for the Switch


1eli
On the Background Channel URL, enter https://tachyon.1etrn.local/Background for the Background Channel. Click Next


1eli
On the Nomad screen, select the Enable Nomad Checkbox


1eli
Select the Enable Platform features Checkbox


1eli
Select the Content registration Checkbox


1eli
Leave Single-Site Download (SSD) and Use FIPs encryption unchecked and click Next


1eli
On the PXE Everywhere screen, select the Enable PXE Everywhere checkbox


1eli
Set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx


1eli
Leave the other checkboxes unchecked and click Next


1eli
On the Shopping screen, Click Next


1eli
On the WakeUp screen, click Next


1eli

On the Ready to Install the 1E Client screen, Click Install. On the User Account Control pop-up click OK. When install is completed, click Finish



Validate the 1E Client Install

1evirtualmachine

1ETRNW101


1eolstart
startat101


1eli
On the client machine, launch the Services applet from the desktop


1eli
Confirm the 1E Client and the 1E Nomad Branch services areinstalled and are running


1eli
Navigate to c:\programdata\1E\Client


1eli
Note there are DBs and Persist folders and a log file present


1eli
Double- click the 1E.Client.log file and review the log (ensure the client has connected to the switch: Connected to Switch tachyon.1etrn.local


1eli
Note upon service startup, the client is setting the Switch to tachyon.1etrn.local:4000 as defined in the installer


1eli
Review the other settings in the log


1eli
There are 2 subfolders: DBs and Persist


1ehot tip

The Persist folder holds the persistent data for the client. Items such as last instruction processed, or tags reside here. We will review this folder later when we use Tachyon. The DBs folder contains an encrypted database where the Tachyon Activity Record feature stores data from various data sources.


1eli
Navigate to c:\program files\1E\Client and review the content


1eli
Right-click 1E.Client.conf and select Open With and open with Notepad


1eli
Review the different sections of the config file, ensuring you do not make any changes. Note that the settings displayed in the log file are all defined here


1ediscussion point

The 1E Client settings are defined in the config file. In a later exercise, we will use Tachyon itself to make changes to these settings.


1eli

Close the config file, ensuring no changes were made. If asked to save it, click NO


1eli
Click in the system tray and observe there is an icon to provide feedback to IT, this is for Surveys which will be looked at in the Using Experience training



Installing the 1E Client using the 1E Client Deployment Assistant via ConfigMgr

In most enterprises, there will be a Systems Management platform to manage devices in the environment. In our lab we will use ConfigMgr, but the concept of deploying the 1E Client as a piece of software will apply to any Systems Management platform.


1evirtualmachine

1ETRNCM


1eolstart
startat114


1eli
Log into 1ETRNCM as 1ETRN\SCCMADMIN


1eli

Navigate to \\1etrnap\Temp and copy the 1EClientDeploymentAssistant.v1.6.0.21 folder to c:\temp


1eli
Open the copied folder and launch the 1EClientDeploymentAssistant.exe


1eli
Click Run on the Open File - Security Warning


1eli
On the Welcome page click Next


1eli
On the License Terms page check I accept the license terms. Click Next


1eli
On the Configuration Manager Connection page click connect. Once it connects click Next


1eli
On the General settings page 1E License File field click browse and select the licenses.txt file in the 1EClientDeploymentAssistant folder


1eli
On the Application and Package Content Sources fields type in \\1etrndc\ConfigMgrSource\Software


1eli
Check the Distribute Content box and select All Distribution Points from the drop-down. Click Next


1eli
On the Agent selection page Uncheck all the boxes except for the 1E Client 5.2.2.523. Click Next


1ehot tip

If we were installing PXE Everywhere, NightWatchman, or Web Wakeup the license keys would be populated from our licenses.txt file located in the same folder as the Client Deployment Assistant executable. We are only installing the Tachyon module of the 1E Client for this lab so we do not need a license key as Tachyon is licensed on the server components.


1eli
On the 1E Client 5.2.2.523 page Change the Limiting Collection to All Desktop and Server Clients Click Next


1eli
On the Tachyon and other client settings page Switch field type in Tachyon.1etrn.local:4000


1eli
In the Background Channel field type in https://tachyon.1etrn.local:443/Background


1eli
Leave Enable Inventory and Enable Interaction checked and click Next


1eli

On the Nomad Client Settings page, check the Enable Nomad checkbox, and accept the defaults for Log Path and Log Size. Ensure that only Hidden Nomad Share, Prevent Failing Over to BITS, Delivery Optimization Reporting and P2P Protocol SMB are selected. Click Next


1ediscussion point

We will be enabling Single Site Download, Fanout and Peer Backup Assistant in the Nomad course.


1eli
On the PXE Everywhere  Settings page select the Enable PXE Everywhere checkbox


1eli
Set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx and click Next


1eli
Once the Summary page activates the Create button click Create


1eli
Once that completes click Next


1eli
Click Finish


1eli
Launch the ConfigMgr console from the taskbar


1ebest practice

Our lab is configured to create our applications and packages for only workstation class devices. You can modify this by editing your AppImport.xml in your 1E Client Deployment Assistant folder. We will edit our application to include the servers.


1eli
Navigate to Software Library – Application Management – Applications


1eli
Select the 1E Client 5.2.2.523 and click Deployment Types tab at the bottom


1eli
Right Click the 1E Client x64 deployment type and choose Properties


1eli
Click the Requirements tab. Click the Operating System requirement type and click the edit button


1eli
Scroll down and select all the x64 Server Operating Systems also. Click Ok. Click Apply. Click Ok


1eli
Navigate to Assets and Compliance and click on Devices


1eli
Multi-select all the devices in the Lab except for 1ETRNDC and add them to an existing collection – 1E Client 5.2.2.523 – Required


1eli
Once the collection membership shows 7


1eli
Right Click on the 1E Client 5.2.2.523 – Required collection and choose Client Notification – Download Computer Policy


1ediscussion point
At this stage, the 1E Client has been deployed to all the clients in the lab environment. We will move onto the next exercise and validate that the clients have installed a bit later, as the deployment will take a few minutes.


1eli

Repeat the client validation steps from above on any of the workstations to ensure the client has installed correctly


Lab Summary

In this lab, we installed Tachyon on a single server. We used components from the prereqs we installed/configured in the previous lab required by Tachyon. Once installed, we validated the install by evaluating the binaries, the web components, the services, and the databases. Once validated, we launched the Tachyon Portal, and reviewed the console.
We then installed a 1E Client manually on one workstation. We validated the install on the client, then configured a package for deployment of the 1E Client agent via ConfigMgr. Once the package was created, we deployed it to our 1E Client collection for install.


Next Page
Ex 3 - Tachyon v5.2 - Install and Configure - Configure Users and Roles